From 934794b343a4206b8bd5460245cc56f40cb8fbcf Mon Sep 17 00:00:00 2001
From: FongMi
Date: Tue, 8 Aug 2023 19:59:00 +0800
Subject: [PATCH] Fix bug
---
 .../main/java/com/fongmi/android/tv/App.java | 3 -
 catvod/build.gradle | 1 -
 .../java/com/github/catvod/net/OkHttp.java | 11 +--
 .../java/com/github/catvod/net/SSLCompat.java | 74 ++++++++++++-------
 4 files changed, 49 insertions(+), 40 deletions(-)
diff --git a/app/src/main/java/com/fongmi/android/tv/App.java b/app/src/main/java/com/fongmi/android/tv/App.java
index b12360b4b..b38e59b43 100644
--- a/app/src/main/java/com/fongmi/android/tv/App.java
+++ b/app/src/main/java/com/fongmi/android/tv/App.java
@@ -22,9 +22,6 @@ import com.orhanobut.logger.LogAdapter;
 import com.orhanobut.logger.Logger;
 import com.orhanobut.logger.PrettyFormatStrategy;
-import org.conscrypt.Conscrypt;
-
-import java.security.Security;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
diff --git a/catvod/build.gradle b/catvod/build.gradle
index c3277f5d2..bfdf34309 100644
--- a/catvod/build.gradle
+++ b/catvod/build.gradle
@@ -21,6 +21,5 @@ dependencies {
 api 'com.orhanobut:logger:2.2.0'
 api 'com.squareup.okhttp3:okhttp:' + okhttpVersion
 api 'com.squareup.okhttp3:okhttp-dnsoverhttps:' + okhttpVersion
- api 'org.conscrypt:conscrypt-android:2.5.2'
 api 'org.jsoup:jsoup:' + jsoupVersion
 }
\ No newline at end of file
diff --git a/catvod/src/main/java/com/github/catvod/net/OkHttp.java b/catvod/src/main/java/com/github/catvod/net/OkHttp.java
index e86920b6c..a2caa58fc 100644
--- a/catvod/src/main/java/com/github/catvod/net/OkHttp.java
+++ b/catvod/src/main/java/com/github/catvod/net/OkHttp.java
@@ -5,15 +5,12 @@ import android.util.ArrayMap;
 import com.github.catvod.bean.Doh;
 import com.github.catvod.utils.Path;
-import java.util.Arrays;
-import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.TimeUnit;
 import okhttp3.Cache;
 import okhttp3.Call;
-import okhttp3.ConnectionSpec;
 import okhttp3.Dns;
 import okhttp3.Headers;
 import okhttp3.HttpUrl;
@@ -40,7 +37,7 @@ public class OkHttp {
 }
 public void setDoh(Doh doh) {
- OkHttpClient dohClient = new OkHttpClient.Builder().connectionSpecs(getConnectionSpec()).cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
+ OkHttpClient dohClient = new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
 dns = doh.getUrl().isEmpty() ? null : new DnsOverHttps.Builder().client(dohClient).url(HttpUrl.get(doh.getUrl())).bootstrapDnsHosts(doh.getHosts()).build();
 client = null;
 noRedirect = null;
@@ -61,7 +58,7 @@ public class OkHttp {
 }
 public static OkHttpClient client(int timeout) {
- return new OkHttpClient.Builder().connectionSpecs(getConnectionSpec()).connectTimeout(timeout, TimeUnit.MILLISECONDS).readTimeout(timeout, TimeUnit.MILLISECONDS).writeTimeout(timeout, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
+ return new OkHttpClient.Builder().connectTimeout(timeout, TimeUnit.MILLISECONDS).readTimeout(timeout, TimeUnit.MILLISECONDS).writeTimeout(timeout, TimeUnit.MILLISECONDS).dns(dns()).hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM).build();
 }
 public static Call newCall(String url) {
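Review bot: Both rewritten builder lines (in `setDoh` and in `client(int timeout)`) still pass `hostnameVerifier(SSLCompat.VERIFIER).sslSocketFactory(new SSLCompat(), SSLCompat.TM)`, and the SSLCompat section of this patch shows `VERIFIER` returning true for every host, with `TM` carrying a trust-all lint suppression, so neither client authenticates the server it talks to. For `dohClient` this means resolver answers can be replaced by anyone on the network path, which defeats the purpose of DNS-over-HTTPS; I would build that client on the platform defaults, `new OkHttpClient.Builder().cache(new Cache(Path.doh(), CACHE)).build()`. Each `new SSLCompat()` also calls `HttpsURLConnection.setDefaultSSLSocketFactory(...)` in its constructor, so every client build re-installs a process-wide default; a single shared instance would avoid that. Both method bodies continue outside their hunks.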
@@ -88,10 +85,6 @@ public class OkHttp {
 return client.newCall(new Request.Builder().url(url).post(body).build());
 }
- private static List getConnectionSpec() {
- return Arrays.asList(ConnectionSpec.RESTRICTED_TLS, ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT);
- }
-
 private static HttpUrl buildUrl(String url, ArrayMap params) {
 HttpUrl.Builder builder = Objects.requireNonNull(HttpUrl.parse(url)).newBuilder();
 for (Map.Entry entry : params.entrySet()) builder.addQueryParameter(entry.getKey(), entry.getValue());
diff --git a/catvod/src/main/java/com/github/catvod/net/SSLCompat.java b/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
index 17f5a1bda..3af1a8f13 100644
--- a/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
+++ b/catvod/src/main/java/com/github/catvod/net/SSLCompat.java
@@ -2,37 +2,51 @@ package com.github.catvod.net;
 import android.annotation.SuppressLint;
-import org.conscrypt.Conscrypt;
-
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
-import java.security.Provider;
-import java.security.Security;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 public class SSLCompat extends SSLSocketFactory {
 public static final HostnameVerifier VERIFIER = (hostname, session) -> true;
-
+ private static String[] cipherSuites;
+ private static String[] protocols;
 private SSLSocketFactory factory;
+ static {
+ try {
+ SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
+ List protocols = new LinkedList<>();
+ for (String protocol : socket.getSupportedProtocols()) if (!protocol.toUpperCase().contains("SSL")) protocols.add(protocol);
+ SSLCompat.protocols = protocols.toArray(new String[protocols.size()]);
+ List allowedCiphers = Arrays.asList("TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
+ List availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());
+ HashSet preferredCiphers = new HashSet<>(allowedCiphers);
+ preferredCiphers.retainAll(availableCiphers);
+ preferredCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));
+ SSLCompat.cipherSuites = preferredCiphers.toArray(new String[preferredCiphers.size()]);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
 public SSLCompat() {
 try {
- Provider provider = Conscrypt.newProvider();
- Security.insertProviderAt(provider, 1);
- SSLContext context = SSLContext.getInstance("TLS", provider);
- context.init(null, new TrustManager[]{TM}, null);
- factory = context.getSocketFactory();
- HttpsURLConnection.setDefaultSSLSocketFactory(factory);
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, new X509TrustManager[]{TM}, null);
+ HttpsURLConnection.setDefaultSSLSocketFactory(factory = context.getSocketFactory());
 } catch (Exception e) {
 e.printStackTrace();
 }
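Review bot: The new static initializer ends up with looser TLS settings than the code it replaces. The protocol loop drops only names containing "SSL", so TLSv1 and TLSv1.1 are kept wherever the platform still lists them, while the removed `enableTLSOnSocket` (in the next hunk) pinned TLSv1.2/TLSv1.3; `if (protocol.equals("TLSv1.2") || protocol.equals("TLSv1.3")) protocols.add(protocol);` would keep the old floor. In `allowedCiphers`, `TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256` is misspelled (it should read ECDHE) and can never match a supported suite, and the three `*_3DES_EDE_CBC_SHA` entries are enabled whenever the platform supports them, even where it leaves them off by default; I would fix the spelling and drop the 3DES names. The probe socket from `SSLSocketFactory.getDefault().createSocket()` is never closed, and collecting into a `HashSet` discards any preference order before the array reaches `setEnabledCipherSuites`.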
@@ -40,51 +54,57 @@ public class SSLCompat extends SSLSocketFactory {
 @Override
 public String[] getDefaultCipherSuites() {
- return factory.getDefaultCipherSuites();
+ return cipherSuites;
 }
 @Override
 public String[] getSupportedCipherSuites() {
- return factory.getSupportedCipherSuites();
- }
-
- @Override
- public Socket createSocket() throws IOException {
- return enableTLSOnSocket(factory.createSocket());
+ return cipherSuites;
 }
 @Override
 public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
- return enableTLSOnSocket(factory.createSocket(s, host, port, autoClose));
+ Socket ssl = factory.createSocket(s, host, port, autoClose);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
 }
 @Override
 public Socket createSocket(String host, int port) throws IOException {
- return enableTLSOnSocket(factory.createSocket(host, port));
+ Socket ssl = factory.createSocket(host, port);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
 }
 @Override
 public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
- return enableTLSOnSocket(factory.createSocket(host, port, localHost, localPort));
+ Socket ssl = factory.createSocket(host, port, localHost, localPort);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
 }
 @Override
 public Socket createSocket(InetAddress host, int port) throws IOException {
- return enableTLSOnSocket(factory.createSocket(host, port));
+ Socket ssl = factory.createSocket(host, port);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
 }
 @Override
 public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
- return enableTLSOnSocket(factory.createSocket(address, port, localAddress, localPort));
+ Socket ssl = factory.createSocket(address, port, localAddress, localPort);
+ if (ssl instanceof SSLSocket) upgradeTLS((SSLSocket) ssl);
+ return ssl;
 }
- private Socket enableTLSOnSocket(Socket socket) {
- if (socket instanceof SSLSocket) ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.2", "TLSv1.3"});
- return socket;
+ private void upgradeTLS(SSLSocket ssl) {
+ if (protocols != null) ssl.setEnabledProtocols(protocols);
+ if (cipherSuites != null) ssl.setEnabledCipherSuites(cipherSuites);
 }
 @SuppressLint({"TrustAllX509TrustManager", "CustomX509TrustManager"})
 public static final X509TrustManager TM = new X509TrustManager() {
+
 @Override
 public void checkClientTrusted(X509Certificate[] chain, String authType) {
 }
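Review bot: `getDefaultCipherSuites()` and `getSupportedCipherSuites()` return the static `cipherSuites` array directly, which is still null if the static initializer hit its `catch (IOException e)` branch, and which is the same array `upgradeTLS` hands to every socket. A caller that iterates the result would fail on null, and one that modifies it would change the suites enabled on later connections; `return cipherSuites == null ? new String[0] : cipherSuites.clone();` in both getters avoids both problems. The hunk also removes the `createSocket()` override without a replacement, so the no-argument call falls through to the base class; if I read `javax.net.SocketFactory` correctly that default throws, which deserves either a restored override or a comment such as `// unconnected sockets intentionally unsupported`. The `TM` initializer at the end of the hunk continues beyond it.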